Private military and security companies are an essential component of the global fight against maritime piracy. As of today, “there are well over 200 PMSC's in operation, with teams embarked on an estimated 30%-60% of the 40,000 ships that transit the Indian Ocean each year.” These companies operate in international waters and are subject to various rules depending on the laws of the Flag State and the contract signed with the shipping company. As a result, despite a recent multiplication of certification schemes, reporting of incidents is often not mandatory and the supervision and oversight mechanisms are not binding. This engenders “a partial regulatory vacuum” and leaves the crucial question of PMSC’s accountability unanswered. More importantly, PMSCs “have yet to be subject to a standardized, industry-wide use of force policy that would mitigate the possibility that lethal force is used inappropriately.”

By Jon Huggins and Matt Walje

In the spring of 2012, a video surfaced which showed Privately Contracted Armed Security Personnel (PCASP) firing on a suspected pirate skiff off the coast of Somalia. It is a clear sunny day in open water, and the team leader is observing the approaching skiff from the bridge. Garbled radio traffic is heard, and the command to fire warning shots is given. A PCASP runs from the bridge and starts firing alongside one of his team members as the skiff nears the ship. Before more than four shots are fired it is obvious that the security team is firing into the pirate skiff. The small, open speed boat slams into the side of the massive merchant vessel, almost overturning, as heavy fire from the security team continues. More shots are fired at the spinning skiff as it disappears in the wake. The PCASP runs out of ammunition and he is seen to reload his assault rifle as the video is cut off.

The report for this incident, published in the International Maritime Bureau's (IMB) Annual Report for 2011 is brief and appears to lack important details:

"Seven pirates armed with guns in two skiffs launched from a mother vessel, chased and fired upon the ship underway with intent to hijack. Master raised alarm, contacted authorities, increased speed and took evasive maneuvers. As the skiffs came closed to 50 meters, armed security team onboard fired warning shots. The pirates aborted the attempted attack. The mother vessel was observed 4nm away."

This video and its various postings have been viewed over 70,000 times and have created controversy as many viewers were shocked by the level of violence it contains. This video raises questions about the conduct of security teams, and the potential excesses that may arise in their conduct of operations.

This incident at sea was one of more than 199 piracy attacks reported to the IMB in 2011, and illustrates the challenges regarding the use of PCASP in fighting piracy. Among the main issues being discussed are:

What are the oversight mechanisms and vetting requirements for private security teams?

What are the rules regarding the reporting of incidents?

Despite its criminal nature, piracy has historically been addressed by naval forces. Unfortunately, the sheer size of the so-called High Risk Area (HRA) in the Indian Ocean has overwhelmed the 20+ naval vessels that conduct counter-piracy under the flag of NATO, the European Union and numerous independent naval operations. This gap in security has provided a lucrative market for private security forces and has resulted in an explosion of the Private Maritime Security Companies (PMSC) that contract PCASP to individual vessels. Today there are well over 200 PMSC's in operation, with PCASP teams embarked on an estimated 30%-60% of the 40,000 ships that transit the Indian Ocean each year.

PCASP teams employed by ships are governed by vastly different levels of oversight, depending on the laws of the Flag State where the ship is registered and the contract signed between the PMSC and the shipping company. The challenge of regulating the actions of these teams is further complicated by the fact that the PCASPs operate in international waters, far beyond the reach of any serious oversight or supervision. The lack of verified reports of wrongful death and injury by PCASP teams is touted as evidence that more regulation is not necessary and would simply be a burden on the industry. However, a lack of reported incidents in this kinetic and dangerous environment seems to be cause for suspicion, not validation.

Recently, coastal states have called for more stringent oversight of PCASP and other maritime stakeholders have called for the removal of the teams. However, these calls have met with opposition by those who point out that no ship employing armed security has ever been taken by pirates. As 2015 approaches, marking a possible end to international counter-piracy mandates and a resulting decrease in navy patrols, the success of PCASP in deterring or preventing hijackings has been welcomed by many naval states and has even been suggested as a possible permanent solution to maritime piracy.

PCASP oversight issues are complicated by significant variation in Flag State regulations, leaving PCASP teams to operate in a partial regulatory vacuum. In order to demonstrate some level of oversight and legitimacy, multiple certification schemes have cropped up.

SAMI, the Security Association for the Maritime Industry, is a for-profit certification scheme with 185 member companies, of which only 23 have completed the first level of certification.

The International Code of Conduct (ICoC) for private security service providers has 238 maritime security companies as signatories. However, signatories incur no legal obligations and simply agree that the principles of the Code of Conduct should dictate their actions. While an accountability mechanism is under development for the ICoC, it may be difficult to enforce the provisions of the Code in such a challenging environment as the open sea.

ASIS International, a preeminent security industry organization, is in the process of finalizing their draft of PSC. 4, which is a set of guidelines applicable to maritime security. Unfortunately, while this document provides recommendations for use of force and reporting, it does not provide requirements. As such its effect is limited to the voluntary compliance of PMSC's.

One of the largest shipping associations, the Baltic International Maritime Company (BIMCO), also has attempted to standardize the relationship between shipping companies and PMSCs through the creation of a template contract called GUARDCON for use by member companies. Numerous other certification schemes created by Protection and Indemnity (P&I) Clubs decorate the websites of various PMSC's as well.

The Maritime Security Committee of the International Maritime Organization (IMO) is drafting a standards and oversight document with the assistance of the International Standards Organization. It is hoped that once this document is agreed upon, most of the major Flag States will incorporate the standards into their oversight regulations.

Unfortunately, it is clear that in spite of these efforts, regulations cannot be effective unless they are clearly defined and enforced by legitimate authorities.

Of the 24 major Flag States, only 17 require reporting of any kind to the Flag State, and only 6 require any form of reporting to international bodies. Most open registries provide only "guidance" for PCASP. This guidance is characterized by the use of the term "should" and generally lacks definitive direction. Without a clear oversight framework from the Flag State, ship masters and PCASP teams focus on the relationship with the shipping companies that are their clients.

The reporting of incidents that are resolved without damage to the ship or injury to the crew is also effectively dis-incentivized, since the reporting PCASP may open themselves to lengthy investigation and review of certification and training. To complicate matters, confidentiality agreements, where incidents cannot be reported to outside agencies are sometimes incorporated as a part of the PMSC contract with the shipping company.

This lack of transparency extends beyond the ambiguous reporting requirements on the part of Flag States, and spills over into the independent and international regulatory and certifying bodies. BIMCO's GUARDCON contract and the ICoC both require that security incidents be reported to the appropriate bodies, but only insofar as the Flag States' regulations require. A clear definition of appropriate bodies is also conspicuously absent. The IMO Guidance and Best Management Practices (BMP4) recommend that security incidents be reported, but go no further, nor do they have the authority to do so. A lack of incentives and requirements to report incidents is made more disturbing when coupled with the lack of standards for use of force policies described briefly below.

In addition to issues of oversight and accountability, PCASP have yet to be subject to a standardized, industry-wide use of force policy. Such a policy would mitigate the possibility that lethal force is used inappropriately. And though such important governance issues have yet to be settled, PCASP will likely continue to be used in the fight against piracy in the short-to- medium term. While the number of reported piracy incidents has decreased significantly in 2012, the underlying root causes of piracy are only beginning to be addressed and as a result, PCASP may have to fill the security vacuum until these longer-term initiatives can take hold. So far, PCASP have been highly effective at repelling pirate attacks and have prevented the taking of any merchant vessel by pirates, which increases the safety of the mariners. However, the current framework where these PCASP operate is under-regulated and lacks a robust and universally agreed oversight mechanism necessary to prevent tragedies.

Unfortunately, the consequences associated with the lack of standard oversight for PCASP also has the potential to get worse before it gets better. In fact, as the number of piracy incidents dwindles, shipping companies may be drawn to cheaper, less reputable security teams under the impression that the threat is no longer as pressing. Land-based private security went through similar growing pains before coming under more responsible oversight regimes. It is hoped that the learning curve will be shorter for their maritime colleagues.

Archived Sections

Working Groups

More from GPF

FAIR USE NOTICE: This page contains copyrighted material the use of which has not been specifically authorized by the copyright owner. Global Policy Forum distributes this material without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. We believe this constitutes a fair use of any such copyrighted material as provided for in 17 U.S.C § 107. If you wish to use copyrighted material from this site for purposes of your own that go beyond fair use, you must obtain permission from the copyright owner.